THALES BLOG

Threats That Go Bump in the Night - Celebrating the Scariest Cyber Risks

October 30, 2025

Thales | Security for What Matters Most

We don’t have to look too far to find the stuff of nightmares coming out of cyberspace to haunt our digital lives. Some may argue that we live with them every day. But on Halloween, we take the time to check under the bed and bring the darkest ones to light.

Monsters of the Deepfakes

It's been said that the distortion of the familiar is more frightening than the unknown. Nowhere does that apply more than to deepfakes.

These unsettling images fall somewhere in the uncanny valley of our minds (if we’re lucky). Their disguise is so complete we don’t even know it’s a mask. And this ability to hide is causing real-world damage.

  • A deepfake scam prompted $25.5 million in company transfers from an engineering company. Between 2022 and 2023, deepfake fraud in North America exploded by a jaw-dropping 1,740%.
  • A U.S. Senate report highlights the level of national significance deepfake attacks have attained. These attacks are primarily driven by scammers’ desire to obtain sensitive or competitive information, or to gain access to critical systems like email servers or secure networks.
  • The scariest part: we no longer know what to believe. Every other day of the year, we can focus on the impact on cybersecurity (which is huge), but this Halloween, the big-picture fright is that deepfakes are creating a world in which trust is undermined daily.

However, great monsters make great monster hunters; we’re just going to get savvier about where we get our facts. Listen to our podcast to find out more.

AI Models: Jekyll and Hyde

Although AI has a plethora of positive uses, savvy employees need to understand its pitfalls if they are to take full advantage of its capabilities.

The 2025 Thales Data Threat Report notes that nearly 70% of organizations cite the rapid growth of AI (and generative AI, particularly) as their most pressing security concern. One possible reason is the presence of AI hallucinations.

A common GenAI bugbear, AI hallucinations are created when AI models make up an answer rather than admitting a gap in knowledge or reasoning ability. Yes, the disclaimer at the bottom warns that “ChatGPT can make mistakes,” but it’s a far cry from highlighting which “facts” could be wrong.

MIT highlights this phenomenon in a recent study. Their research reveals that 95% of all AI pilots fail because businesses cannot cope with the AI friction. The 5% of AI models that “stick” plan for this friction. They engineer that friction, calibrating it rather than eliminating it. If the system is uncertain, it abstains, surfaces contextual gaps, and learns from user corrections.

This “humility-first” model has already found success in high-stakes sectors like finance and aerospace.

Who’s Afraid of the Big, Bad Bots?

We all should be. This may be the year the robots are really taking over; according to the Thales 2025 Bad Bot Report, “automated traffic has surpassed human activity for the first time in a decade.”

Why should we fear them? Because, according to OWASP, they are up to no good. Released en masse, they are responsible for:

  • Creating fake user accounts that flood platforms with ads and spam
  • Bypassing CAPTCHA
  • Falsely inflating click rates on digital advertisements
  • Cashing out gift cards and crypto assets on a large scale
  • Credential stuffing and cracking

And a whole lot more (stealing the Snickers may have been in there, too).

Tim Chang, Thales VP of Application Security Products, noted that 31% of all attacks caught and mitigated by Imperva were automated, a figure explainable by AI-driven, bot-based attacks. The easy availability of such tools has led to 45% of all bot attacks being “low-level,” with the other 55% qualifying as “advanced and moderate.”

And last year, 44% of all advanced bot attacks targeted APIs.

Who Are You Gonna Trust?

According to the Thales 2025 Digital Trust Index, consumer trust dropped for the majority of sectors last year. Not even one sector got above a 50% trust rating—now that’s scary.

What underpins the loss of customer confidence? It could be the fact that nearly one in five reported having their personal data stolen online within the past twelve months.

Organizations rely increasingly on the digital services they offer and on the online experiences they have with their customers. When people can’t trust that the information they provide to these businesses will be kept safe, they often refuse to participate. The same Thales Digital Trust Index report indicates that 86% of consumers would trust their data with a company only if it demonstrates it respects their privacy rights.

Does trust turn from a business enabler to a business nightmare?

Data is the lifeblood of critical business choices today. Without consumer data, organizations are flying blind. How can they understand their customers and what they need without (properly consented) information to inform them? Data drives decisions and data drives innovation.

The fact that consumers feel they cannot trust any sector (even to the level of a 50% trust rating) is frightening in itself. For the companies that rely on consumer information to expand and grow, it’s even more so.

Are We Hiding Under the Bed?

A look at today’s most terrifying tactics might make us want to hide under the bed until digital Halloween is over. But the reality is that it never will be—unless we stop it.

From combating the bot epidemic to investing in email security that detects deepfakes, there are just as many creative ways to fight AI as there are to weaponize it. Attackers don’t have a monopoly on the technology; they’re just brazen in how they use it.

Defenders can be, too. And the more we know about their ways, the more we can face our digital demons with eyes wide open.

By staying vigilant and proactive, you can exorcise these digital nightmares for good. Happy Halloween, and may your digital domain remain secure!